Security systems, methods, and computer program products for information integration platform

ABSTRACT

An information integration system may include a set of integration services embodied on one or more server machines in a computing environment. The set of integration services may include connectors communicatively connected to disparate information systems. The connectors may be configured for integrating data stored in the disparate information systems utilizing a common model employed by the set of integration services. The common model may overlay, augment, integrate, or otherwise utilize a content management interoperability services data model and may include common property definitions and a common security model. The common security model may include permissions particularly defined for use by the set of integration services. These common property definitions and permissions may be uniquely defined and utilized by the information integration system.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation application of U.S. patent application Ser. No.14/210,536, filed Mar. 14, 2014, entitled “SYSTEMS, METHODS AND COMPUTERPROGRAM PRODUCTS FOR INFORMATION INTEGRATION ACROSS DISPARATEINFORMATION SYSTEMS,” which is a conversion of, and claims a benefit ofpriority under 35 U.S.C. §119 from U.S. Provisional Application No.61/782,984, filed Mar. 14, 2013, entitled “SYSTEM, METHOD AND COMPUTERPROGRAM PRODUCT FOR INFORMATION INTEGRATION ACROSS DISPARATE INFORMATIONSYSTEMS,” the entire disclosures of which are fully incorporated byreference herein for all purposes.

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains materialwhich is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent file or records, but otherwise reserves all copyrightrights whatsoever.

TECHNICAL FIELD

This disclosure relates generally to information management. Moreparticularly, embodiments disclosed herein relate to an inventiveversatile and extensible solution for integrating information acrossdisparate data sources such as information systems.

BACKGROUND

Information integration refers to the merging of information fromheterogeneous sources with differing conceptual, contextual andtypographical representations. Typically, information integration refersto textual representations of data mined and consolidated fromunstructured or semi-structured resources. One example of an informationintegration technology is based on data warehousing where a datawarehouse system extracts information from source databases, transformsthe extracted information, and then loads the transformed informationinto a data warehouse. This technology, however, requires that theinformation must be stored in a single database with a single schema.Thus, when a new source is added to a system such as a content server,the entire new data set from the new source would need to be manuallyintegrated to comply with the existing database schema.

Another issue is the disparate nature of sources providing theinformation. It can be extremely difficult and expensive for any singleenterprise to collect and integrate all the desired information fromdisparate sources. To this end, a virtual data integration solution maybe used. To implement a virtual data integration solution, applicationdevelopers may construct a virtual schema against which users can runqueries. Additionally, the application developers may design wrappers oradapters for each data source. When a user queries the virtual schema,the query is transformed into appropriate queries over the respectivedata sources. The wrappers or adapters simply transform local queryresults returned by the respective data sources into a processed form. Avirtual database combines the results of these queries into the answerto the user's query. This technology, however, is not extensible. When anew source is added to a system, a virtual schema must be constructedand new wrappers or adapters written for the new source.

The aforementioned information integration technologies exemplifychallenges in the field of information management. There are continuingneeds for sharing, accessing, aggregating, analyzing, managing, andpresenting information stored in disparate information systems such ascontent servers, document servers, content repositories, and so on in aunified, cohesive, synchronized, efficient, and secure manner.

SUMMARY OF THE DISCLOSURE

An object of the invention is to address challenges and needs in thefield of information management. Another object of the invention is toextend control and influence over content owned or under control by anentity such as a business or organization. Yet another object of theinvention is to enable entities to manage content stored in disparateinformation systems and perhaps shared among users having different jobfunctions and/or roles. Another object of the invention is to extendcontrol and exposure of all the data in an enterprise, whether the datais originated within the enterprise or from third parties outside of theenterprise. Yet another object of the invention is to provide reusablecomponents such as connectors, interfaces, content analytics and so onthat can be used to build search based applications.

As described below, these and other objects of the invention can berealized by way of an information integration system that enablesapplications to access, aggregate, analyze, manage, and presentinformation stored in disparate information systems to end users anddevelopers alike in a unified, cohesive, synchronized, efficient, andsecure manner. Examples of applications may include various enterpriseapplications such as web based applications, search based applications,and non-search applications, etc.

In some embodiments, an information integration system may include a setof integration services embodied on one or more server machines in acomputing environment. The set of integration services may includeconnectors communicatively connected to disparate information systems.These connectors, which may be of a single type or of different types,may be configured for integrating data stored in the disparateinformation systems utilizing a common model employed by the set ofintegration services.

The common model may overlay, augment, integrate, or otherwise utilize acontent management interoperability services (CMIS) data model and mayinclude common property definitions and a common security model. Thecommon security model may include permissions particularly defined foruse by the set of integration services. These common propertydefinitions and permissions may be uniquely defined and utilized by theinformation integration system.

In some embodiments, a search system may be communicatively connected tothe disparate information systems via the set of integration services.In some embodiments, a principal service may be included for workingwith the search system to perform an inbound check utilizing thepermission model. In some embodiments, an authorization service may beincluded for working with the search system to perform an outbound checkutilizing the permission model. Some embodiments of an informationintegration system can accommodate at least four security modes: nocheck, inbound check only, outbound check only, or both the inboundcheck and the outbound check.

In some embodiments, a data collector may be communicatively connectedto the disparate information systems via the set of integrationservices. In some embodiments, the data collector may have its ownconnectors configured for collecting data across the disparateinformation systems. In some embodiments, the data collector may utilizethe connectors provided by the set of integration services. In someembodiments, a connector service provider interface may be included forallowing a service provider to deploy and configure one or moreextensible connectors used by the set of integration services tocommunicate with a particular information system at the backend.

In some embodiments, a method for information integration may includedeploying a set of integration services on one or more server machinesin a computing environment, the set of integration services having a setof connectors communicatively connected to disparate informationsystems. The method may further include integrating, via the set ofconnectors, data stored in the disparate information systems utilizing acommon model employed by the set of integration services. The commonmodel may implement an embodiment of the common model overlaying theCMIS data model and may include common property definitions and a commonsecurity model. The common security model may include permissionsparticularly defined for use by the set of integration services.

In some embodiments, a data integration method for integrating data fromdata repositories, the data repositories using disparate data models forstored data, may include using a set of integration services forintegrating the data repositories and the data stored therein. The setof integration services may define a common model including commonproperty definitions and common security models and may further definedata connectors to integrate data stored in the data repositories. Themethod may further include using the common model to overlay apreexisting content management interoperability services model with thecommon property definitions and a common security model including a setof permissions defined for use by the set of integration services. Themethod may further include using the data connectors to map thedisparate data models of the data repositories such that the data storedin the data repositories become available to the set of integrationservices.

One embodiment comprises a system comprising a processor and anon-transitory computer-readable storage medium that stores computerinstructions translatable by the processor to perform a methodsubstantially as described herein. Another embodiment comprises acomputer program product having a non-transitory computer-readablestorage medium that stores computer instructions translatable by aprocessor to perform a method substantially as described herein.

Numerous other embodiments are also possible.

These, and other, aspects of the disclosure will be better appreciatedand understood when considered in conjunction with the followingdescription and the accompanying drawings. It should be understood,however, that the following description, while indicating variousembodiments of the disclosure and numerous specific details thereof, isgiven by way of illustration and not of limitation. Many substitutions,modifications, additions and/or rearrangements may be made within thescope of the disclosure without departing from the spirit thereof, andthe disclosure includes all such substitutions, modifications, additionsand/or rearrangements.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings accompanying and forming part of this specification areincluded to depict certain aspects of the disclosure. It should be notedthat the features illustrated in the drawings are not necessarily drawnto scale. A more complete understanding of the disclosure and theadvantages thereof may be acquired by referring to the followingdescription, taken in conjunction with the accompanying drawings inwhich like reference numbers indicate like features and wherein:

FIG. 1 depicts a diagrammatic representation of one example of a networkenvironment in which embodiments disclosed herein can be implemented;

FIG. 2 depicts a diagrammatic representation of one embodiment of asystem having a set of integration services for integrating data acrossdisparate information systems;

FIG. 3 depicts a diagrammatic representation of one embodiment of acommon model utilized by a set of integration services for integratingdata across disparate information systems;

FIG. 4 depicts a diagrammatic representation of one embodiment of aninformation integration system through which a search application canaccess objects in disparate information systems;

FIG. 5 depicts a diagrammatic representation of one embodiment of a setof connectors configured for integrating data stored in disparateinformation systems according to a common model utilized by a set ofintegration services;

FIG. 6 depicts a flow diagram illustrating one embodiment of a method ofdynamically creating a new connector in an information integrationsystem post-installation;

FIG. 7 depicts a diagrammatic representation of one embodiment of aninformation integration system having a set of connectors through whicha data collector can collect data from disparate information systems andthrough which a search system can search data across the disparateinformation systems;

FIG. 8 depicts a diagrammatic representation illustrating exampleoperations of an information integration system having a set ofintegration services and a search system according to some embodiments;

FIG. 9 depicts a diagrammatic representation of one embodiment of aninformation integration system with optional components;

FIG. 10 depicts a diagrammatic representation of an informationintegration system with different possible configurations according tosome embodiments;

FIG. 11 depicts a flow diagram illustrating one embodiment of a methodfor information integration across disparate information systems fornon-search based applications;

FIG. 12 depicts a flow diagram illustrating one embodiment of a methodfor information integration across disparate information systems forsearch based applications;

FIG. 13 depicts a diagrammatic representation of a user interface of anexample discovery application displaying search results provided by oneembodiment of an information integration system disclosed herein;

FIG. 14 depicts a diagrammatic representation of a user interface of anexample lifecycle management application displaying a dashboardgenerated using an embodiment of an information integration systemdisclosed herein;

FIG. 15 a diagrammatic representation of a page view of an examplelifecycle management application, illustrating that data from disparateinformation systems can be aggregated and filtered using an embodimentof an information integration system disclosed herein; and

FIG. 16 depicts a diagrammatic representation of a data processingsystem for implementing portions and components of an informationintegration system.

DETAILED DESCRIPTION

The invention and the various features and advantageous details thereofare explained more fully with reference to the non-limiting embodimentsthat are illustrated in the accompanying drawings and detailed in thefollowing description. Descriptions of well-known starting materials,processing techniques, components and equipment are omitted so as not tounnecessarily obscure the invention in detail. It should be understood,however, that the detailed description and the specific examples, whileindicating some embodiments of the invention, are given by way ofillustration only and not by way of limitation. Various substitutions,modifications, additions and/or rearrangements within the spirit and/orscope of the underlying inventive concept will become apparent to thoseskilled in the art from this disclosure.

Before describing embodiments in detail, however, it may be helpful toprovide an example of a network environment in which embodiments can beimplemented. This is illustrated in FIG. 1. In this example, networkenvironment 100 may include client devices 101 a, 101 b . . . 101 ncommunicatively connected to web server 20 over network 10. Web server20 may be communicatively connected to a plurality of informationsystems 40 a, 40 b . . . 40 n directly or by way of informationintegration system 30. In this disclosure, information systems 40 a, 40b . . . 40 n may include backend systems such as data storage systemsresiding in a storage tier and described in more detail below.Information integration system 30 may reside on one or more servermachines. Each of the client devices and server machines illustrated inFIG. 1 can be a data processing system, an example of which is shown inFIG. 14.

Example embodiments of an information integration system will now bedescribed.

FIG. 2 depicts a diagrammatic representation of one embodiment of asystem having a set of integration services for integrating data acrossdisparate information system. Architecturally, system 200 may includeapplication tier 220, integration tier 230, and storage tier 240.Information integration system 30 shown in FIG. 1 may implement anembodiment of information integration system 200 shown in FIG. 2.

Storage tier 240 may comprise repositories 280 and database 290.Repositories 280 may include multiple disparate information systems.Data in such information systems may be formatted differently and/orstructured using different data models. Examples of information systemscan include various data storage systems and repositories such asdocument management systems, content management systems, contentrepositories, document repositories, content servers, document servers,etc. In this disclosure, these systems may be collectively referred toherein as backend systems. Database 290 may be communicatively connectedto information integration server 250 and may contain data for use byinformation integration server 250. For example, database 290 may storeconfigurations for connecting to the repositories 280. Theseconfigurations may include configuration parameters defined by serviceproviders. In one embodiment, database 290 may be a relational database.

Application tier 220 may comprise a plurality of applications, includingapplication 222. There can be various types of applications, includingmobile applications, web based applications, and enterprise-classapplications, at application tier 220. For discussion and examples ofenterprise-class applications, readers are directed to U.S. patentapplication Ser. No. 13/939,946, filed Jul. 11, 2013, and entitled“SYSTEMS AND METHODS FOR IN-PLACE RECORDS MANAGEMENT AND CONTENTLIFECYCLE MANAGEMENT,” which is incorporated herein by reference.

Integration tier 230 may comprise information integration server 250.According to this disclosure, various applications may access data inbackend systems through an information integration server in variousways. For example, an In-Place Records Management (RM) application(available from Open Text, headquartered in Waterloo, Ontario, Canada)may manage records “in-place” as they are stored in backend systemsthrough an embodiment of an information integration server. As anotherexample, a search application may search information across disparatebackend systems by way of an embodiment of an information integrationserver. As yet another example, a browser may access information acrossdisparate backend systems by way of an embodiment of an informationintegration server.

In the example of FIG. 2, information integration server 250 may includeintegration services 260. Integration services 260 may provideapplication 222 with synchronous access to backend systems 280 residingat storage tier 240. In one embodiment, integration services 260 mayinclude authentication filter (servlet component) 261, CMIS gateway(servlet component) 263, service provider interface (interfacecomponent) 265, credential storage (servlet component) 267, credentialstore (storage component) 269, and connectors (connector component) 270.Those skilled in the art will recognize that integration services 260may be implemented in various ways. For example, one or more componentsof integration services 260 shown in FIG. 2 may be optional, as furtherdescribed below. Furthermore, in some embodiments, integration services260 may include one or more components not explicitly shown in FIG. 2.

Authentication filter 261 can be implemented in various ways. Forexample, in one embodiment, authentication filter 261 may implement asingle sign-on (SSO) solution. Other access control solutions such aslayering Hypertext Transfer Protocol Secure (HTTPS) on top of the securesockets layer (SSL)/Transport Layer Security (TLS) protocol may also bepossible. In some embodiments, authentication may be optional. Forexample, if application 222 is responsible for handling authenticationor if authentication is not required in system 200, then authenticationfilter 261 may be optional.

Suppose authentication is required and a user of application 222 isauthenticated using authentication filter 261, integration services 260may operate to determine if the user already has a session on therequested information system at the backend. For example, referring toFIG. 1, user 101 a may already have a session open with backend system40 a without going through information integration system 30. If theuser already has a session on the requested information system at thebackend, application 222 may call integration services 260 with asession identifier (ID) which is then stored in credential store 269 viacredential storage 267. If the user does not have a session on therequested information system at the backend, integration services 260may operate to check credential store 269 and, if the user is permittedto access the requested information system per information stored incredential store 269, cause CMIS gateway 263 to open a session on therequested information system (using an appropriate connector, explainedbelow). User credentials stored in credential store 269 may beencrypted.

Before discussing CMIS gateway 263 in more detail, it might be helpfulto discuss an open standard known as Content Management InteroperabilityServices (CMIS). CMIS defines an abstraction layer that allows differentcontent management systems to inter-operate over the Internet using webprotocols. Specifically, CMIS includes a set of services for adding andretrieving documents and provides a data model referred to as the CMISdata model. The CMIS data model covers typed files and folders withgeneric properties that can be set or read. The CMIS data model is basedon common architectures of the backend systems. Consequently, CMIS doesnot define how a backend system can be mapped to the CMIS data model.Furthermore, these backend systems may have different expressions of theCMIS data model in which key-value pairs in the CMIS data model may beexposed differently from system to system.

To this end, CMIS gateway 263 may decouple the CMIS data model fromdisparate backend systems while allowing frontend applications whichutilize the CMIS to access content stored in the disparate backendsystems. As illustrated in FIG. 2, one way to decouple CMIS data model215 from disparate information systems 280 is to overlay CMIS data model215 with integration services (IS) common model 210. CMIS gateway 263may maintain IS common model 210. IS common model 210 may overlay,integrate, augment, or otherwise utilize CMIS data model 215. CMISgateway 263 may call one of connectors 270 to communicate with aparticular information system 280 at storage tier 240. Connectors 270may be configured or otherwise adapted to communicate with informationsystems 280. Service provider interface 265 may allow a new connector tobe deployed into system 200. Examples of connectors 270 are describedbelow with reference to FIGS. 3-5. An example of a method for adding anew connector to an information integration system is described belowwith reference to FIG. 6.

FIG. 3 depicts a diagrammatic representation of how an informationintegration system may operate to integrate data across disparateinformation systems utilizing connectors and an IS common model. Asdescribed above, these disparate information systems may implementdifferent data models. Referring to FIG. 3, in some embodiments,metadata stored in an information system according to repositoryspecific data model 305 may be mapped to CMIS conventions conforming toCMIS data model 315 using connectors such as connectors 270 shown inFIG. 2, connectors 465, 475 shown in FIG. 4, or connectors 770 shown inFIG. 7.

As illustrated in FIG. 3, this CMIS mapping can be bi-directional. Thatis, in some embodiments, an information integration system may beconfigured to provide a two-way translation for a repository data modeland the CMIS data model. In some embodiments, this two-way translationcan be characterized by: 1) repository objects are unambiguouslytranslated into instances of CMIS types; and 2) instantiation of CMIStypes result in unambiguous instantiation of repository objects.

To provide for this bi-directional CMIS mapping, a connector may beconfigured with several Java classes, including a type manager class,for interfacing with a specific information system at the backend,mapping the data model used by the specific information system at thebackend to the CMIS data model maintained by the CMIS gateway, creatingtypes appropriate for the specific information system, and exposing thetypes through the CMIS gateway to the application tier. This kind ofconnectors may be preconfigured as part of the information integrationsystem. Post-installation of the information integration system,extensible connectors may be added, as explained below. Extensibleconnectors may not create types on the information systems at thebackend, although they can still create instances of types and exposethose types.

An example type can be a document type that defines a documentguaranteed to have an integer in its metadata and the integer is somefile number. Suppose the file number is guaranteed to have a certainlength and fit into two bytes. Also, suppose a second document typedefines a different file number that fits into four bytes. In aninformation system, these types maybe called type 1 and type 2 or typeshort and type long. These types are created and defined in the sameinformation system. A repository connector configured for thisinformation system may create type 1 or type 2 as well as instancesthereof, while an extensible connector may create instances of type 1 ortype 2. A repository connector may be created, configured, and installedas part of the information integration system. In this case, therepository connector would have the knowledge as to the length ofnumbers that are used by the two types and how to map between thelengths of numbers to be exposed. An extensible connector may beconfigured and deployed by a service provider into the informationintegration system post-installation using a connector service providerinterface such as connector service provider interface (SPI) 265 shownin FIG. 2. In this case, the extensible connector is not required tohave the knowledge to create the types. Rather, it creates instances ofthe types and exposes them accordingly.

These connectors are embeddable and available via integration servicesdescribed herein. They are responsible for using common propertydefinitions and common permissions such as common property definitions311 and common permissions 313 shown in FIG. 3. Common propertydefinitions 311 and common permissions 313 may be uniquely defined andutilized by an information integration system such as system 200 shownin FIG. 2. Specifically, common permissions may be particularly definedfor use by integration services such as integration services 260 shownin FIG. 2. In one embodiment, common permissions 313 may comprise accesscontrol list (ACL) permissions.

As described above, the CMIS data model may cover typed files andfolders with generic properties that can be set or read. Although dataexposed by CMIS data model 315 may not fully cover the types of dataheld according to repository specific data model 305 in the giveninformation system, in some embodiments, data exposed by CMIS data model315 (referred to as CMIS data in FIG. 3) may cover a set of data typessufficient for mapping data held in a given information system. A modelmapping operation (e.g., an operation that maps data in repositoryspecific data model 305 to common model 310) using a connector mayunambiguously translate a repository object into a list of CMIS typedkey-value pairs, resulting in a “flattened” output. CMIS have items thathave metadata, items that have metadata and a content stream, items thathave metadata and children, policies and relationships, and so on. Themetadata in those cases is flattened into multivalued properties thathave, for instance, names, types, integers, and strings. As illustratedin FIG. 3, flattened output 320 may include the CMIS data (CMIS typedkey-value pairs) and some additional data (key-value pairs) originatedfrom additional analysis. Such additional data may not map to instancesof data in the CMIS data model.

CMIS has the notion of property definitions such as name, value, andtype. For example, “Filename” in a repository specific data model maymap to CMIS Object “cmis:localName”. Common model 310 includes commonproperty definitions 311 that are far more comprehensive. In someembodiments, these are referred to as “common keys” or “keys” and mayinclude, but are not restricted, to:

-   -   DocumentID    -   Name    -   Description    -   Type    -   Subject    -   Authors    -   Created    -   Modified    -   CreatedBy    -   OwnedBy    -   FileType    -   MimeType    -   Size    -   VersionMajor    -   VersionMinor    -   VersionLabel    -   NumberVersions    -   FileName

In this way, semantically equivalent attributes or metadata fields usedby disparate information systems at the backend can be mapped to thesame common key used by common model 310.

For example, suppose common model 310 employs a key “author” andrepository specific data models employ different attributes or metadatafields such as “author,” “author name,” “author_name,” “AuthorName,”“Name_Author,” etc. Through CMIS mapping, these semantically equivalentattributes or metadata fields may all be mapped to “author” and indexedaccordingly. Likewise, when searching disparate information systems atthe backend, “author” may be mapped to “author,” “author name,”“author_name,” “AuthorName,” “Name_Author,” etc. used by disparateinformation systems. Accordingly, when a search is performed to look fordocuments by a certain author named “John Smith,” all documents authoredby “John Smith” in the information systems may be found, even thoughdifferent information systems may associate this name value “John Smith”with the documents using different attributes or metadata fields.

Connectors are an important part of this bi-directional CMIS mapping.When a service provider develops a connector, they have to develop theCMIS portion described above and an authorization portion and aprincipals service portion described below. The authorization portionand the principals service portion are completely outside of theconventional CMIS data model and are used for the common security modeldisclosed herein. While the CMIS allows access to an ACL in a typicalcontent management system, if a service provider wants to use the commonsecurity model, they have to implement special common model permissionsused by the search API. Note that the common security model also usesACL permissions, although it supports additional common permissions.

A data collector such as data collector 473 described below withreference to FIG. 4 or data collector 773 described below with referenceto FIG. 7 can be configured to supply ACLs for objects. In someembodiments, ACLs are defined as in the CMIS specification as a list ofaccess control entries (ACEs) where each ACE contains a principal and apermission. A principals service reports principals that might show upin the ACEs inside of an ACL. During a synchronization operation,permissions may be modified by updating all the ACLs for the informationsystems at the backend.

In some embodiments, the common security model may be considered a CMISACL compatible permissions model such that a single source of connectorsfrom the connector framework described above can be the CMIS basedconnectors.

In some embodiments, a data collector may support a list of named “read”and/or “denyRead” permissions such as the following:

-   -   hDenyRead    -   hRead    -   mDenyRead    -   mRead    -   lDenyRead    -   lRead

In this case, “h” represents “high priority,” “m” represents “mediumpriority,” and “l” represents “low priority.” If a user's principalsmatch the principal in the higher level of priority, then that willdetermine their permissions. Otherwise, it will be determined by thenext priority level. At each level, denies are prioritized over allows.The common permissions are logically evaluated in order of prioritiesdefined above.

As an example, suppose an information system at the backend defines thefollowing order in which repository specific permissions are to beevaluated: Explicit Deny, Explicit Allow, and Inherited Permissions(either allow or deny) from ancestors in a containment hierarchy.Inherited permissions are permissions attached to a folder where thefile is in.

One embodiment of a connector may map these permissions to the commonsecurity model disclosed herein as follows:

Explicit Deny→hDenyRead;

Explicit Allow→hAllowRead;

Implicit Allows all go into hAllowRead until the first Deny is hit, thenit is put into mDenyRead until the next Allow is hit, which goes intomAllowRead and so on . . . .

Even though their inheritance chain allows Reads to happen before Denysbecause they just follow the inheritance chain in order, the connectorwill always follow the common security model's definition of order (perthe logical evaluation of priorities defined above). From thisperspective, the connector is transforming the permission evaluationfrom one logical order to another. To do that, the connector follows theinheritance chain defined by the information system and whenever thereis a switch from Allow to Deny, the connector hops to the next availableDeny according to the common security model's definition of order.

Another useful function of connectors disclosed herein is to mapfilenames. A connector can map a filename used in the informationintegration system to a CMIS object name (e.g., LocalName).

Two example representations of the ACLs required by the unified indexare as follows. These are in the “flattened” form sent to the ingestionpipeline.

Representation 1

  <ACLs>    <hDenyRead>       encoded(principal) encoded(principal)      encoded(principal)    </hDenyRead>    <hRead>      encoded(principal) encoded(principal)       encoded(principal)   </hRead>    <mDenyRead>       encoded(principal) encoded(principal)      encoded(principal)    </mDenyRead>    <mRead>      encoded(principal) encoded(principal)       encoded(principal)   </mRead>    <IDenyRead>       encoded(principal) encoded(principal)      encoded(principal)    </IDenyRead>    <IRead>      encoded(principal) encoded(principal)       encoded(principal)   </IRead> </ACLs>

Representation 2

  <ACLs>    <hDenyRead>encoded(principal1)</hDenyRead>   <hDenyRead>encoded(principal2)</hDenyRead>   <hDenyRead>encoded(principal3)</hDenyRead>   <hRead>encoded(principal4)</hRead>   <hRead>encoded(principal5)</hRead>   <hRead>encoded(principal6)</hRead>   <mDenyRead>encoded(principal)</mDenyRead>   <mDenyRead>encoded(principal)</mDenyRead>   <mRead>encoded(principal)</mRead>   <mRead>encoded(principal)</mRead>   <IDenyRead>encoded(principal)</IDenyRead>   <IDenyRead>encoded(principal)</IDenyRead>   <IDenyRead>encoded(principal)</IDenyRead>   <IRead>encoded(principal)</IRead>   <IRead>encoded(principal)</IRead>   <IRead>encoded(principal)</IRead> </ACLs>

As those skilled in the art will appreciate, depending upon therepresentation of the ACLs used by the indexing system, differentencoding mechanisms may be used to commonly encode the principals forthe principals service. Different information systems may encode theirprincipals differently. For example, a user's principal may be encodedas “SYSTEM 16344 1003” in a content server and as“#AUTHENTICATED-USERS#” in a file management system. They are commonlyencoded for the principals service.

Documents which can be seen by all users on a system may be treated byconstructing a repository specific principal representing all users. Theprincipals service may ensure that every user on an information systemhas a principal (e.g., principal=“WORLD”). The data collector may ensurethat every document with these permissions has the principal in thecorrect permissions level.

An information system that supports super users may implement theprincipals service by constructing a repository specific principalrepresenting super users (e.g., principal=“SUPERUSER”). The principalsservice may ensure that only super users have this principal, and thedata collector may ensure that every document has a super user principalassociated with the correct permissions level.

The principals service uses common permissions mapped by the connectors.Depending upon implementation, different types of connectors may be usedby different components of an information integration system. FIG. 4provides an example of an information integration system that may employdifferent types of connectors.

In the example of FIG. 4, information integration system 400 may includeapplication tier 420 having application 422, integration tier 430 havinginformation integration server 450, and storage tier 440 havinginformation systems 480 and database 490. Database 490 may be the sameor similar to database 290 shown in FIG. 2. Architecturally, system 400may be the same or similar to system 200 shown in FIG. 2.

Application 422 can be a search application. A method of implementinginformation integration system 400 in a network computing environmentmay include installing information integration server 450 which includesintegration services 460. In some embodiments, integration services 460may include components the same as or similar to those described abovewith regard to integration services 260. In this example, integrationservices 460 include connectors 465. Connectors 465 can be the same as,similar to, or different from connectors 270 described above withreference to FIG. 2. In one embodiment, each of connectors 465 isparticularly configured for communicating with a specific informationsystem of information systems 480.

Information integration server 450 may further include search system 410and indexer 470. Search system 410 may comprise search API 411, searchengine 413, and unified index 415. Indexer 470 may comprise ingestionpipeline 471, data collector 473, and connectors 475. These componentswill be further described below.

In some embodiments, the method may further include running datacollector 473 to obtain data (e.g., document metadata) from disparateinformation systems 480 for indexing by search system 410. Datacollector 473 may utilize connectors 475 to communicate with informationsystems 480. In some embodiments, connectors 475 can be the same as,similar to, or different from connectors 270 described above withreference to FIG. 2. For example, in one embodiment, each connector 475may be particularly configured for a specific information system ofinformation systems 480 such that data mined from the specificinformation system can be mapped to the CMIS conventions as explainedabove.

Data collected by data collector 473 may be provided to ingestionpipeline 471 for processing. For example, a document may be processedthrough a flow involving several components such as a documentextractor, a path processor, a field mapper, a file type normalizer, adetagger, a summarizer, an indexer, and a cleaner in order to extractdata that can be used by search engine 413 to build unified index 415.Other implementations of indexer 470 may also be possible.

Indexer 470 may feed the processed data to search system 410 to buildunified index 415. Search engine 413 may use unified index 415 and maysupport faceted search (explained below). Other implementations ofsearch system 410 may also be possible.

After installation of integration services 460 and as soon as searchsystem 410 begins to build unified index 415, application 422 may,through integrated services 460 of information integration server 450 atintegration tier 430, have access to some indexed data. This allowsapplication 422 to search and synchronize access to information systems480 at storage tier 440 even before unified index 415 is completelybuilt.

On an ongoing basis, indexer 470 may be used to synchronize withinformation systems 480 at the backend and keep unified index 415up-to-date. At this point, application 422 is fully configured. Forexample, a user may now perform a faceted search utilizing application422.

Faceted search refers to a technique for accessing organizedinformation, combining text search with navigational search using ahierarchy structure. For example, information stored in a repository maybe augmented with facets corresponding to properties of data elementssuch as author, descriptor, format, language, etc.

A facetted search module may comprise a search application programminginterface (API) and a search interface configured to allow a user toenter search text into a text box. As an example, application 422 mayrun an instance of a search interface on a client device associated withthe user. The user input text is communicated to search system 410 viasearch API 411.

Search API 411 may, in turn, return search results to the user via thesearch interface running in application 422. The search interface maypresent the organized search results. For example, the search resultsmay be shown in facets or categories. Each of the categories may beshown with a number of hits (counts). The user can refine the searchresults by browsing or navigating down a path that begins with one ofthe categories. Each time a facet is selected, a new search query isautomatically generated and passed down through the search interface andsearch API 411 to search engine 413 to begin a new, narrower search. Thenew search results are returned and presented to the user in a similarmanner. This process can be repeated until the user enters a new searchquery, ends the session, closes application 422, or otherwise terminatesthe process. Other implementations of search engine 413 may also bepossible.

In one embodiment, application 422 may, via the search interface,present a page with a tree map view of the search result to the user. Asan example, the tree map can be an automatically generated diagram thatlays out items of information in information systems 480 that match thesearch query or queries.

Even though objects referenced in the search results may reside indisparate information systems at the backend, a user is able to accessthem through integration services at the integration tier regardless ofwhere the data actually resides. This is facilitated by mapping the datato the common model as described above. In one embodiment, the mappingcan be hard coded and realized on-the-fly through integration services.As an example, the mapping may include specifying a document type in aconnector such as connector 475 for indexer 470, querying a particularinformation system for documents of the specified document type,collecting the data returned by the information system, and providingthe data to the search application. In one embodiment, connectors 475may comprise a set of proprietary drivers and scripting and data mappingstructure built over the drivers. Other implementations are alsopossible.

The mapping may be synchronized across the integration tier.Specifically, data type definitions may be synchronized acrossconnectors at the integration tier. Referring to FIG. 4, in someembodiments, this can be realized by hard coding connectors 465 andconnectors 475, programmatically ensuring that the data type definitionsare synchronized according to a common model (e.g., IS common model 310described above). The synchronized mapping allows systems at theintegration tier to work together.

As illustrated in FIG. 4, in some embodiments, some components of aninformation integration system such as integration services 460 andindexer 470 may employ different types of connectors to communicate withdisparate information systems 480. In such embodiments, each connector465 is configured for or otherwise adapted to a particular informationsystem 480 and each connector 465 is configured for or otherwise adaptedto a particular information system 480. When a new repository is added,then, this may mean that a new connector 465 for integration services460 is to be configured for or otherwise adapted to communicate with thenew repository and a new connector 475 for indexer 470 is to beconfigured for or otherwise adapted to the same repository.

In some embodiments, some components of an information integrationsystem may employ a connector framework to communicate with disparateinformation systems 480. One example of a connector framework isillustrated in FIG. 5.

In some embodiments, connector framework 500 may comprise connector API505 and connectors 510. Connectors 510 may include preconfiguredconnectors such as Connector1 for a first information system, Connector2for a second information system, and various existing connectors forvarious information systems at the backend. These preconfiguredconnectors may be referred to as repository connectors as they areparticularly configured for and can communicate directly with respectiverepositories.

Connectors 510 may also include extensible connectors. Extensibleconnectors may be created, configured, and deployed into connectorframework 500 and useable by an information integration systempost-installation (e.g., an information integration system that isoperational in an enterprise computing environment). An example of thisprocess is described below with reference to FIG. 6.

A connector service provider interface (SPI) (e.g., connector SPI 515)allows a service provider (e.g., repository providers 520) to deploy andconfigure connectors used by the information integration system tocommunicate with a particular backend system (repository). In someembodiments, a connector SPI may comprise a set of interfaces that aservice provider is to implement if they wish to add a connector to theinformation integration system. To create a connector, an SPI JAR filemay be provided as an example which has the classes that can be used tocreate the connector. The service provider will create a connector usingthe classes provided in the JAR file, debug as usual, deploy theconnector into the information integration system and use the connectorSPI to configure the connector. Depending upon the backend system, typesmay be provided by the service provider.

Referring to FIG. 6, at step 601, process 600 may receive or retrieve aconfiguration specification of a new connector for a repository from arepository provider. The configuration specification may contain typesof configuration parameters for their new connector. At step 605,process 600 may create necessary entries in a database (e.g., database290 shown in FIG. 2, database 490 shown in FIG. 4, database 790 shown inFIG. 7, or database 990 shown in FIG. 9) based on the configurationspecification and enable an administrator for the repository toconfigure (using a connector SPI) the new connector for the specificrepository. For instance, SPI configuration parameters as well aswhatever information that connector needs may be stored in the database.

The new connector may be configured for a set of integration servicessuch as CMIS services, principals service, common model ACL service,authorization service, etc., some of which may be optional. In someembodiments, the new connector may also be configured to use the commonproperty definitions if the repository provider wishes to participate ina unified index provided by the information integration system. In someembodiments, the new connector may also be configured to use the commonmodel permissions if the repository provider wishes to implement theprincipals service.

The configured connector may provide a connection factory and servicemethods particular to the repository. The connection factory may resideat the repository level and may be used to create a connection which ismanaged by the information integration system (and thus is referred toas a managed connection). Additionally, the connection factory mayprocess credentials for accessing the repository.

Once the service provider has configured the connection to theirspecific repository, at step 610, process 600 may send the configurationinformation of the new connector to the specific repository whichencapsulates the CMIS services. When needed, at step 615, the newconnector can be used to create a managed connection to the repository.For example, when there is a service call for an object, an instance ofthe connector may be called with an appropriate object ID to get theobject from the repository. In one embodiment, the integration servicesmay be restarted before the newly configured connector can be used.

For extensible connectors created post-installation, types are createdon the remote systems at the backend. These new connectors can exposeobjects of a type thus created in a consistent way, allowing an objectof that type to be created or viewed.

The flexible, adaptable, and efficient connector framework describedabove can eliminate the need to configure and employ different types ofconnectors for use by different components of an information integrationsystem to communicate with the same information system at the backend.One example of an information integration system having such a connectorframework is illustrated in FIG. 7.

In the example of FIG. 7, system 700 may include application tier 720,integration tier 730, and storage tier 740. Application tier 720 mayhave applications 722 and 724. Application 722 may be a non-search basedapplication and communicate directly with integration services 760.Application 724 may be a search based application and communicatedirectly with search system 710 which utilizes integration services 760.Integration tier 730 may have integration services 760, search system710, ingestion pipeline 771, and data collector 773. Storage tier 740may have information systems 780 and database 790. As illustrated inFIG. 7, non-search based application 722 may utilize search basedapplication 724 to search disparate information systems 780.

Some components of system 700 such as search API, search engine 713,unified index 715, ingestion pipeline 711, and data collector 773 may bethe same or similar to those described above with reference to system400 shown in FIG. 4. Some components of system 700 such asauthentication filter 761, CMIS services 763, connector SPI 765,credential storage (servlet) 767, and credential store 769 may be thesame or similar to those described above with reference to system 200shown in FIG. 2. Architecturally, however, system 700 is different fromsystem 200 and system 400 in that integration services 760 residebetween search system 710 and information systems 780 and also betweendata collector 773 and information systems 780.

Specifically, data collector 773 can collect data from disparateinformation systems 780 using connectors 770 and search system 710 cansearch data across disparate information systems 480 also usingconnectors 770. The connector framework of integration services 760handles all the complexities in dealing with disparate informationsystems 780. Thus, data collector 773 does not need to know how toconnect to information systems 780 or how to map all their repositoryformats to the format ingestion pipeline 771 needs. Moreover, asdescribed above, extensible connectors can be readily created,configured, and deployed into the connector framework of integrationservices 760. The extensible connectors, along with any preconfiguredconnectors, can provide managed connections for system 700 tocommunicate with disparate information systems 780. Thus, although theycould, there is no need for data collector 773 and search system 710 touse different kinds of connectors to communicate with the samerepository at the backend.

As described above, a connector may be configured for a set ofintegration services such as CMIS services, principals service, commonmodel ACL service, authorization service, etc., some of which may beoptional. Thus, embodiments of connectors disclosed herein may vary fromimplementation to implementation, although their principle functions(e.g., bi-directional CMIS mapping, providing managed connections, etc.)remain the same.

Some example integration services will now be described with referenceto FIG. 8.

FIG. 8 depicts a diagrammatic representation illustrating exampleoperations of an information integration system having a set ofintegration services and a search system according to some embodiments.In this example, information integration system 800 may compriseintegration services 860 and search system 810. Information integrationsystem 800 may include additional components such those described abovewith reference to FIGS. 2, 4, and/or 7.

Integration services 860 may comprise principals service 861 andauthorization service 863. Search system 810 may comprise search API811, search engine 813, and unified index 815. Search API 811 maycomprise authorization post filter 806. Search engine 813 may comprisesecurity query parser 802 and query evaluator 804. To facilitateprincipals service 861 and authorization service 863 and use unifiedindex 815, connectors in system 800 would be configured to use thecommon property definitions and the common model permissions (e.g.,common property definitions 311 and common permissions 313 shown in FIG.3) described above.

In some embodiments, an information system at the backend may beconfigured for “early binding”, “late binding”, or “early followed bylate binding.” Early binding of permissions is done by looking up theuser's principals at query time and modifying the query to return onlyresults with correct permissions. The query is modified to include theunion of the user's principals from all repositories being searched. Aprincipals service in the integration services can provide theprincipals for a user in response to a service call. This is furtherexplained below.

Referring again to FIG. 3, common security model 313 in IS common model310 represents one of four security models supported by embodiments ofan information integration system disclosed herein. Specifically, aninformation integration system can support a first security modelconfigured for performing an inbound check at query time (“earlybinding”), a second security model configured for performing an outboundcheck after a search is done (“late binding”), a third security modelconfigured for performing an inbound check and an outbound check after asearch is done (“early followed by late binding,” and a fourth securitymodel where no check is performed (which, in one embodiment, commonpermissions may be defined but not used). Depending upon systemconfiguration (by an administrator), any one of these security modelsmay be implemented at configuration time. For example, the late bindingcan be an option for repositories that use non-CMIS based permissionmodels.

In the first security model, the permission information associated withgroup identifiers is also indexed. Referring to FIG. 8, in response to aquery from a user received at search system 810, search API 811 may callprincipals service 861 to find out with what principal(s) this user isassociated (or of which group the user is a member) and call searchengine 813 to modify (via security query parser 802) a query anddetermine (via query evaluator 804) to find out what that user can seeper their association with the principal(s) based on permissioninformation in unified index 815. This filters the requested search atquery time (and hence “inbound”), rather than after the query isperformed and then integration services 860 review the search results(e.g., page results) before sending them to the user requesting thesearch (outbound).

More specifically, security query parser 802 may augment the query withthe principals for the user. Query evaluator 804 may evaluate thepermissions as part of query evaluation. These permissions are commonpermissions. As described above, common permissions are logicallyevaluated in order of priorities defined in the common security model.Security query parser 802 may translate or modify the query into acomplex Boolean to support evaluation by query evaluator 804.

As an example, a single call to a principals service may be as follows:

GET/v1/user/principals?repoid=,repoid=,

This returns the state of the information systems at the backend (e.g.,a first repository “repo1” and a second repository “repo2” and all ofthe principals assigned to the user in those information systems:

{state: {repo1: ok, repo2: unreliable},principals:[repo1_encoded(systemprincipal1),repo1_encoded(systemprincipal2), repo2_encoded(systemprincipal)]}

In this case, the state is one of the following:

-   -   ok—the results from this repository can be used    -   unreliable—this repository is not available to return principals    -   notSupported—this repository cannot be configured for early        binding

The GET principals call is used to construct the query at query time.For it to be fast, caching can be used.

Depending upon the interaction between the configuration of therepository and the state of the repository returned by the GETprincipals call, the query is modified in different ways. One example isprovided in the table below:

State of Configuration of Repo in Search API repository from Earlyprincipals service Early binding Late binding followed by Late OkInclude results Include results Include results from from repositoryfrom repository repository Unreliable Do not include Include resultsInclude results from results from from repository repository repositorynotSupported Do not include Include results Include results from resultsfrom from repository repository repository

To illustrate, suppose a GET Principals call returns the following:

{state: {repo1: ok, repo2: unreliable}, principals:[repo1_jimbob,repo1_group1]}

Assume that a search API in this case is configured to treat bothinformation systems “repo1” and “repo2” as early binding. The query maybe modified to include (AND) the following filter:

((lallow:repo1_jimbob OR lallow:repo1_group1) AND NOT(hdenyRead:repo1_jimbob OR hdenyRead:repo1_group1) AND NOT(mdenyRead:repo1_jimbob OR mDenyRead:repo1_group1) AND NOT(IDenyRead:repo1_jimbob OR IDenyRead:repo1_group1) ) OR((mRead:repo1_jimbob OR mRead:repo1_group1) AND NOT(hDenyRead:repo1_jimbob OR hDenyRead:repo1_group1) AND NOT(mDenyRead:repo1_jimbob OR mDenyRead:repo1_group1) ) OR((hRead:repo1_jimbob OR hRead:jimbob_group1) AND NOT(hDenyRead:repo1_jimbob OR hDenyRead:repo1_group1)) )

In this case, the query follows the pattern:

(lallow.˜ldeny.˜mdeny.˜hdeny)+(mallow.˜mdeny.˜hdeny)+(hallow.˜hdeny)

Note that in this example, the information system “repo2” was droppedfrom the filter because its state is “unreliable.” Thus, although it isconfigured for early binding, it is not available to reliably report theuser's principals.

In some embodiments, such an inbound check can only be performed if thepermission information has been collected (e.g., via a data collectorsuch as data collector 473 or data collector 773) and the permissioninformation is indexed and stored (e.g., in unified index 415 or unifiedindex 715). If the permission information has changed, that change willnot be in the index until the next time the permission information iscollected. So, this is as accurate and current as the information thatis in the index. However, it is fast because a user's permission isevaluated as part of a search and can be appended to a query (e.g., inone embodiment, by using “AND GROUPID”).

In some embodiments, an outbound check can be performed even if thepermission information is not indexed. In this case, the query isreceived and a search performed. The question as to what search resultthat user can see is federated (via search API 811 and authorizationservice 863) to the information systems at the backend as they are theauthorities on what their users are permitted to view. The authorizationinformation is returned (via authorization service 863) to search API811 and authorization post filter 806 is used to filter search resultsfor the user based on the authorization information. The filtered searchresults are then returned for presentation to the user. Thus, in thesecond security model, the authorization would be accurate and currentbecause it comes from the authority (a backend system). Furthermore,because the backend system is the authority, no modeling of permissionsis necessary. However, this can be slow for users with sparsepermissions.

The third security model can provide the benefits of inbound check 801and outbound check 803. At query time, inbound check 801 can provide afast and efficient way to define a scope of search for the query.Through outbound check 803, the authorization can be verified to makesure that the user's authorization to view the search results isup-to-date.

In some embodiments, an administrator for an information integrationsystem can decide which one common security model to use, by changingthe configuration file and restarting the service. Other implementationsmay also be possible.

The above examples illustrate that embodiments of an informationintegration system described herein may include reusable components.These reusable components may be configured to enable a plurality offunctions, including discovery, data migration, data synchronization,content lifecycle management, in-place records management, search, etc.For example, in some embodiments, a set of reusable components may beprovided for a search engine. In some embodiments, an application mayutilize some of the reusable components to search and/or managedocuments in disparate information systems at the backend.

FIG. 9 depicts a diagrammatic representation of one embodiment of aninformation integration system with optional components, as denoted bythe dashed line boxes. System 900 may include application tier 920having application 922, integration tier 930 having integration services960, and storage tier 940 having information systems 940 and database990. Database 990 may store configuration information as well asencrypted credential information for use by integration services 960.

Integration services 960 may reside at a layer between search system 910and information systems 980 and between data collector 973 andinformation systems 980. Search system 910 may have search API 911,search engine 913, and unified index 915. Data collector 973 may collectdata from disparate information systems 980 through integration services960 and the collected data may be processed by ingestion pipeline 971and used by search system 910 to build and/or update unified index 915in the same or similar way as described above. Some embodiments ofintegration services 960 such as authentication filter 961, CMISservices 963, SPI 965, credential storage 967, and credential store 969may be the same or similar to those described above with reference tointegration services 760.

In the example of FIG. 9, application 922 can be a search application.Those skilled in the art will recognize that different searchapplications may be built to suit different needs. Examples of differentsearch applications are described below with reference to FIGS. 13-15.Depending upon application, system 900 may further include a unique userinterface (UI) layer 924. As illustrated in FIG. 9, UI layer 924 may bebuilt on top of an embodiment of an information integration platform(e.g., integration tier 930) and configured to utilize a search systemrunning on the information integration platform. For example, UI layer924 may be configured to communicate with search API 911, filter datafrom disparate information systems at the backend using search engine913 and unified index 915, and display the filtered data in variousways, as explained below. In some embodiments, system 900 may not needto include all the components of integration services 960.

As illustrated in FIG. 9, in one embodiment, integration services 960may comprise only connectors 970 through which search system 910 anddata collector 973 can fully enable application 922 in performing searchfunctions, including faceted search described above.

Specifically, to build unified index 915, data collector 973 may collectdata via connectors 970 from information systems 980 at storage tier 940and provide the collected data to ingestion pipeline 971 for processing.Ingestion pipeline 971 may process the collected data and provide theprocessed data to search system 910 for indexing. Connectors 970 may mapdata from repository specific data models used by information systems980 at the backend to an information integration common model asdescribed above.

In an embodiment where search system 910 and data collector 973 only useconnectors 970 in integration services 960, a user may not be able toact on a search result through integration services 960. For example,the user may not be able to directly manipulate an item of information(e.g., a document) referenced in the search result. However, the usercan perform search via application 922 and view the search result. Inthis embodiment, when the user selects a search result, say, a document,the user is taken directly to the document, directly in the contentmanagement system where the document resides.

As the above examples illustrate, search systems and data collectors canbe specific to search based applications. For search purposes,therefore, embodiments of an information integration system can beconfigured in various ways.

FIG. 10 depicts a diagrammatic representation of an informationintegration system with different possible configurations according tosome embodiments. In this example, system 1000 may include browser 1001running on a client device associated with a user. Browser 1001 may runBackbone.jr for event based interaction of models, views, andcontrollers and jQuery for Document Object Model (DOM) manipulations.Backbone.js gives structure to web applications by providing models withkey-value binding and custom events, collections with a rich API ofenumerable functions, views with declarative event handling, andconnects it all to an existing API over a RESTful JavaScript ObjectNotation (JSON) interface. jQuery is a multi-browser JavaScript library.DOM, JSON, Backbone.js, and jQuery are known to those skilled in the artand thus are not further described herein.

Browser 1001 may implement the model-view-controller (MVC) softwarearchitecture that separates the representation of information from theuser's interaction with it. Those skilled in the art will appreciatethat a model in the MVC architecture (referred to hereinafter as abrowser model) may contain application data, business rules, logic, andfunctions; a view can be any output representation of data, such as adocument or a diagram; and multiple views of the same data are possible.For example, the same set of data points may be represented using ahistogram or a table. The controller mediates input and converts it tocommands for the browser model or view.

In the example of system 1000, the browser models employed by browser1001 are what communicate with application 1022 on the server side.Specifically, when a user clicks on a search form presented in a view,an underlying browser model communicates to application servlet 1024.Application servlet 1024, in one embodiment, can be a document server(DS) resource. As an example, system S1 can be a document servercommunicatively connected to application servlet 1024 and henceapplication 1022 via managed connection M1 to connector C1 and henceintegration services 1060. Integration services 1060 may also be a DSresource. All DS resources are registered with the document server.

In the example of FIG. 10, when a search is performed, a search query iscommunicated from application servlet 1024 to search API 1051. SearchAPI 1051 may authenticate the user (via authentication filter 1061),make sure that the search query has the authenticated user informationin it, and call search engine 1013.

In one embodiment, search engine 1013 may implement Solr Cloud. SolrCloud is multi-process distributed Solr. It may have multiple Solrnodes. Solr Cloud and Solr nodes are known to those skilled in the artand thus are not further described herein.

To perform the search, search engine 1013 may utilize a unified indexsuch as unified index 415 or unified index 715 described above. In thisexample, such a unified index may be built by running data collector1073A to collect data from information systems S1, S3, S5, and S7 at thebackend, processing the collected data using ingestion pipeline 1053,and indexing the processed data. In one embodiment, data collected frominformation systems at the backend may be stored in shared folder 1085and ingestion pipeline 1053 may read data from shared folder 1085,process the data, and provide the output to search engine 1013 forindexing. As an example, shared folder 1085 can be implemented utilizingan Extensible Markup Language (XML) file and a binary file.

In one embodiment, data collector 1073A may collect data frominformation systems using repository specific connectors and withoutusing integration services 1060 in a manner similar to data collector473 described above with reference to FIG. 4. In an alternativeembodiment, data collector 1073B may collect data from informationsystems through integration services 1060 using connectors C1, C3, C5,and C7 in connector framework 1070 in a manner similar to data collector773 described above with reference to FIG. 7.

In some embodiments, console based administration 1087 may allow anadministrator user to perform command line tasks (other than using agraphical user interface) relating to data collector 1073A. In someembodiments, administration API 1057 may allow an administrator user toperform administrative tasks relating to ingestion pipeline 1053.

When a search is performed, a page result can be authorized byintegration services 1060 using authorization servlet 1065. This isreferred to as an outbound check. Similar to the example described abovewith reference to FIG. 8, authorization servlet 1066 may check withinformation system(s) at the backend as to what this user is permittedto view. If the user does not already have a session with a requestedinformation system, credential servlet 1067 may access credential store1069 to retrieve the user's credentials (e.g., a user ID and password)and calls CMIS servlet 1063 to open a session. The user password may bepadded or normalized, encrypted and stored in database 1090 which mayreside behind a firewall. If the common security model implemented bysystem 1000 calls for an inbound check to be performed, at query time,search API 1051 may call principals servlet 1068 to find out what theuser is permitted to view per their principal(s), as explained above,before calling search engine 1013. Both authorization servlet 1065 andprincipals servlet 1068 can be optional in some embodiments.

Similar to the example CMIS gateways described above, CMIS servlet 1063may utilize connectors C1, C3, C5, and C7 to map metadata frominformation systems S1, S3, S5, and S7 to an IS common model. Each ofthe connectors C1, C3, C5, and C7 may be communicatively connected toinformation systems S1, S3, S5, and S7 via managed connections M1, M3,M5, and M7. Connectors C1, C3, C5, and C7 are capable of performingbi-directional CMIS mapping described above. CMIS servlet 1063 knowswhich connector to call for which information system by utilizing therepository identifier (ID) in the search result. The repository ID isplaced in the index along with the object ID for each object indexed inthe unified index. Thus, responsive to a search result being selectedfor viewing, CMIS servlet 1063 may call a connector associated with therepository ID in the search result to obtain an object having theassociated object ID.

A search result may be provided to a user in various ways. For example,a link may be provided to the user via browser 1001. When the link isclicked on, the user may be connected directly to a repositoryapplication (e.g., a content management application running oninformation system S1). In some embodiments, the user may be presentedwith an option to share the search result via a secure content sharingand synchronization system. For discussion and examples of a suitablesecure content sharing and synchronization system, readers are directedto U.S. patent application Ser. No. 13/651,367, filed Oct. 12, 2012,entitled “SYSTEM AND METHOD FOR SECURE CONTENT SHARING ANDSYNCHRONIZATION,” which is incorporated by reference herein.

In the example of FIG. 10, connectors C1, C3, C5, and C7 for informationsystems S1, S3, S5, and S7 may be preconfigured connectors provided bysystem 900. Optionally, post-installation of system 900, a connectorservice provider may add an extensible connector C9 to create managedconnection M9 for communicating with information system S9. Anadministrator may configure connector C9 using connector SPI 1065, asexplained above.

As mentioned above, authentication filters such as authentication filter1061 may be utilized to control access to information systems S1, S3,S5, and S7. In some cases, there may not be a need to have control overaccess. Alternatively, in one embodiment, an external authenticationserver may be used. In other embodiments, application 1022 may performor otherwise handle authentication. Accordingly, depending uponapplications, authentication filter 1061 and credential servlet 1067 maybe optional.

In some embodiments, application 1022 may be a non-search basedapplication and, therefore, search components such as search API 1051and search engine 1013 may be optional. Depending upon whetherapplication 1022 may be used for search purposes, different methods ofinformation integration may be implemented, as illustrated in FIGS. 11and 12.

FIG. 11 depicts a flow diagram illustrating one embodiment of a methodfor information integration across disparate information systems fornon-search based applications. Method 1100 may comprise connecting aninformation integration system to a non-search based application anddisparate information systems (step 1102). Step 1102 may be optionalwhen adding extensible connector(s) post-installation of the informationintegration system. Method 1100 may further comprise configuring theconnectors for bi-directional CMIS mapping as described above (step1104). Once the connectors are configured, method 1100 may startintegration services and service the non-search based application usingthe configured connectors.

FIG. 12 depicts a flow diagram illustrating one embodiment of a methodfor information integration across disparate information systems forsearch based applications. Method 1200 may comprise connecting aninformation integration system to a search based application anddisparate information systems (step 1202). Step 1202 may be optionalwhen adding extensible connector(s) post-installation of the informationintegration system. Method 1200 may further comprise configuring theconnectors for bi-directional CMIS mapping as described above (step1204); collecting data from the information systems (step 1206);analyzing data (which may entail converting content to text, summarizingthe content, and determining keywords from the content, etc.) (step1208); and building a unified index using data mapped to the IS commonmodel as described above (step 1210). Depending upon implementation,data can be collected and then mapped or mapped and then collected. Theunified index may be synchronized with the information systems at thebackend (step 1212). Finally, method 1200 may start integration servicesand service the search based application using the configured connectorsand the unified index (step 1214). From time to time, or on demand, theunified index may be synchronized with the information systems at thebackend to ensure that the indexed information is up-to-date.

In some embodiments, document conversion may be performed by a datacollector. In some embodiments, document conversion may be performed byan ingestion pipeline. As an example, this document conversion componentmay take a text based document and extract the text from it forindexing, takes a portable document format (PDF) document and extractthe text from it for indexing, etc. This can be useful because someapplications can write to the ingestion pipeline and do the conversionthere and the data thus processed gets indexed without having to use adata collector or integration services. The ingestion pipeline isconfigurable, so it will also work when the document conversion isperformed by a data collector.

Embodiments disclosed herein can work with various types ofapplications. Example use cases may include, but are not limited todiscovery, content assessment, data migration, lifecycle management,etc. Embodiments of an information integration system disclosed hereinprovide a unified way for an application to analyze, search, manage,manipulate, and/or access disparate information systems at the backendwhile providing an easy way to add new information systems viaextensible connectors without requiring custom integration. As describedabove, search results from various information systems can be integratedat the information integration system and provided to an applicationconnected thereto. The application may present the search results invarious ways, one example of which is illustrated in FIG. 13.

FIG. 13 depicts a diagrammatic representation of user interface (UI)1300 of an example discovery application displaying search resultsprovided by one embodiment of an information integration systemdisclosed herein. The discovery application may implement variousfunctions of the information integration system via a unique UI layer(e.g., user interface layer 924 shown in FIG. 9). The UI layer maycomprise a library of various user experience (UX) UI components thatcan be used as building blocks by application developers and that can becombined in various ways to create different applications. Because, asexplained above with reference to FIG. 9, the UI layer is built on topof an embodiment of an information integration platform, these UXUIcomponents can take advantage of a unified index provided by theinformation integration platform. Specifically, the UXUI components canbe configured to interface with a search API running on the informationintegration platform. Since the UI layer communicates with disparateinformation systems through integration services, no complicatedprogramming is required.

The UXUI components can be used to create one or more filter widgets inan application to allow an end user to effortlessly create variousvisualizations of data across disparate information systems. Thisapproach (using UXUI components built on top of an informationintegration platform to create applications) makes for a very flexibleand efficient way to develop custom applications for the informationintegration platform.

For example, as illustrated in FIG. 13, the example discoveryapplication may have search function 1310 and filtering function 1320.Filtering function 1320 may include various filter widgets 1322-1338.Each filter widget may be associated with a UXUI component configuredfor visualizing data from disparate information systems according tocertain metadata indexed and stored in the unified index. Examples ofsuch metadata may include location, file system path (e.g., folder, filetype, etc.), age (e.g., last modified), creator, file size, keywords,phrases, phrases, personal identifiable information (PII), companies,language, country, departments, etc. The UXUI components may implementvarious visualization techniques.

In the example of FIG. 13, suppose a user wishes to search repositoriesB, E, and F. Repositories B, E, and F may store different types ofinformation. For example, repository B may store documents written inlanguages of different countries; repository E may store informationrelated to departments in the user's company (e.g., management, humanresources, etc.); and repository F may store contents created by variousauthors for use in various countries. Location widget 1322 may be usedto select repositories B, E, and F; creator widget 1328 may be used toselect author(s); and keywords widget 1332 may be used to selectdepartments, countries, and/or language(s). These user selections/inputsmay be communicated to the search API running on the informationintegration platform. The search engine uses the unified index to locatethe requested data and returns the search results via the search API.Filtering function 1320 may interpret the search results and use a treemap methodology to display a visualization of the search results whereeach box displayed in UI 1300 represents a node in the tree, and thesize of the box represents the number of the results for the metadata ofinterest.

Additionally, via a CMIS gateway described above, the discoveryapplication may allow a user to set credentials for their access to arepository at the backend, browse the data on the repository (e.g.,select by type), delete a file in the repository, add an object to therepository, and/or download a document from the repository. Otherimplementations may also be possible.

Those skilled in the art will appreciate that different applications maybe created using different combinations of UXUI components at the UIlayer. FIG. 14 depicts a diagrammatic representation of a user interfaceof an example lifecycle management application displaying a dashboardgenerated using an embodiment of an information integration systemdisclosed herein. In this example, UI 1400 shows differentvisualizations 1410, 1420, 1430, and 1440. Each visualization can be amanifestation of a particular combination of UXUI components. This isfurther illustrated in FIG. 15.

FIG. 15 depicts a diagrammatic representation of page view 1500illustrating filtering function 1520 having classification widget 1522,age widget 1524, access widget 1526, retention widget 1528, and documenttype widget 1530. Similar to what is described above with reference toFIG. 13, user interactions with these widgets (e.g., user selectionsand/or inputs) may be communicated to a search API running on anembodiment of an information integration platform disclosed herein. Asearch engine may use a unified index maintained by the informationintegration platform to locate the requested data (selected via one ormore of widgets 1522-1530, in this example) and returns search resultsvia the search API. Filtering function 1520 may interpret the searchresults and display a visualization of the search results using a barchart. Various other visualization techniques are also possible.

In the example of FIG. 15, the bar chart provides a visualization ofclassified vs. unclassified information. Classified means that a recordsmanagement classification (or any other category) has been assigned tothese documents. A classification can be assigned by various ways:manually by end user, by inheritance from a folder or by an automatedsystem such as Auto-Classification. Unclassified means that thesedocuments do not have a records management classification or any othercategories. Records management classifications are used to organizeinformation and drive retention and disposal of content as required bylaw and/or policy. This chart provides an overview of the proportion ofcontent that is under a retention policy vs. content that is not subjectto classification.

FIG. 16 depicts a diagrammatic representation of a data processingsystem for implementing portions and components of an informationintegration system. As shown in FIG. 16, data processing system 1600 mayinclude one or more central processing units (CPU) or processors 1601coupled to one or more user input/output (I/O) devices 1602 and memorydevices 1603. Examples of I/O devices 1602 may include, but are notlimited to, keyboards, displays, monitors, touch screens, printers,electronic pointing devices such as mice, trackballs, styluses, touchpads, or the like. Examples of memory devices 1603 may include, but arenot limited to, hard drives (HDs), magnetic disk drives, optical diskdrives, magnetic cassettes, tape drives, flash memory cards, randomaccess memories (RAMs), read-only memories (ROMs), smart cards, etc.Data processing system 1600 can be coupled to display 1606, informationdevice 1607 and various peripheral devices (not shown), such asprinters, plotters, speakers, etc. through I/O devices 1602. Dataprocessing system 1600 may also be coupled to external computers orother devices through network interface 1604, wireless transceiver 1605,or other means that is coupled to a network such as a local area network(LAN), wide area network (WAN), or the Internet.

Those skilled in the relevant art will appreciate that the invention canbe implemented or practiced with other computer system configurations,including without limitation multi-processor systems, network devices,mini-computers, mainframe computers, data processors, and the like. Theinvention can be embodied in a general purpose computer, or a specialpurpose computer or data processor that is specifically programmed,configured, or constructed to perform the functions described in detailherein. The invention can also be employed in distributed computingenvironments, where tasks or modules are performed by remote processingdevices, which are linked through a communications network such as aLAN, WAN, and/or the Internet. In a distributed computing environment,program modules or subroutines may be located in both local and remotememory storage devices. These program modules or subroutines may, forexample, be stored or distributed on computer-readable media, includingmagnetic and optically readable and removable computer discs, stored asfirmware in chips, as well as distributed electronically over theInternet or over other networks (including wireless networks). Examplechips may include Electrically Erasable Programmable Read-Only Memory(EEPROM) chips. Embodiments discussed herein can be implemented insuitable instructions that may reside on a non-transitory computerreadable medium, hardware circuitry or the like, or any combination andthat may be translatable by one or more server machines. Examples of anon-transitory computer readable medium are provided below in thisdisclosure.

Although the invention has been described with respect to specificembodiments thereof, these embodiments are merely illustrative, and notrestrictive of the invention. The description herein of illustratedembodiments of the invention, including the description in the Abstractand Summary, is not intended to be exhaustive or to limit the inventionto the precise forms disclosed herein (and in particular, the inclusionof any particular embodiment, feature or function within the Abstract orSummary is not intended to limit the scope of the invention to suchembodiment, feature or function). Rather, the description is intended todescribe illustrative embodiments, features and functions in order toprovide a person of ordinary skill in the art context to understand theinvention without limiting the invention to any particularly describedembodiment, feature or function, including any such embodiment featureor function described in the Abstract or Summary. While specificembodiments of, and examples for, the invention are described herein forillustrative purposes only, various equivalent modifications arepossible within the spirit and scope of the invention, as those skilledin the relevant art will recognize and appreciate. As indicated, thesemodifications may be made to the invention in light of the foregoingdescription of illustrated embodiments of the invention and are to beincluded within the spirit and scope of the invention. Thus, while theinvention has been described herein with reference to particularembodiments thereof, a latitude of modification, various changes andsubstitutions are intended in the foregoing disclosures, and it will beappreciated that in some instances some features of embodiments of theinvention will be employed without a corresponding use of other featureswithout departing from the scope and spirit of the invention as setforth. Therefore, many modifications may be made to adapt a particularsituation or material to the essential scope and spirit of theinvention.

Reference throughout this specification to “one embodiment”, “anembodiment”, or “a specific embodiment” or similar terminology meansthat a particular feature, structure, or characteristic described inconnection with the embodiment is included in at least one embodimentand may not necessarily be present in all embodiments. Thus, respectiveappearances of the phrases “in one embodiment”, “in an embodiment”, or“in a specific embodiment” or similar terminology in various placesthroughout this specification are not necessarily referring to the sameembodiment. Furthermore, the particular features, structures, orcharacteristics of any particular embodiment may be combined in anysuitable manner with one or more other embodiments. It is to beunderstood that other variations and modifications of the embodimentsdescribed and illustrated herein are possible in light of the teachingsherein and are to be considered as part of the spirit and scope of theinvention.

In the description herein, numerous specific details are provided, suchas examples of components and/or methods, to provide a thoroughunderstanding of embodiments of the invention. One skilled in therelevant art will recognize, however, that an embodiment may be able tobe practiced without one or more of the specific details, or with otherapparatus, systems, assemblies, methods, components, materials, parts,and/or the like. In other instances, well-known structures, components,systems, materials, or operations are not specifically shown ordescribed in detail to avoid obscuring aspects of embodiments of theinvention. While the invention may be illustrated by using a particularembodiment, this is not and does not limit the invention to anyparticular embodiment and a person of ordinary skill in the art willrecognize that additional embodiments are readily understandable and area part of this invention.

ROMs, RAMs, and HDs are computer memories for storingcomputer-executable instructions executable by a CPU or capable of beingcompiled or interpreted to be executable by the CPU. Suitablecomputer-executable instructions may reside on a computer readablemedium (e.g., a ROM, a RAM, and/or a HD), hardware circuitry or thelike, or any combination thereof. Within this disclosure, the term“computer readable medium” or is not limited to ROMs, RAMs, and HDs andcan include any type of data storage medium that can be read by aprocessor. For example, a computer-readable medium may refer to a datacartridge, a data backup magnetic tape, a floppy diskette, a flashmemory drive, an optical data storage drive, a CD-ROM, ROM, RAM, HD, orthe like. The processes described herein may be implemented in suitablecomputer-executable instructions that may reside on a computer readablemedium (for example, a disk, CD-ROM, a memory, etc.). Alternatively, thecomputer-executable instructions may be stored as software codecomponents on a direct access storage device array, magnetic tape,floppy diskette, optical storage device, or other appropriatecomputer-readable medium or storage device.

Any suitable programming language can be used to implement the routines,methods or programs of embodiments of the invention described herein,including C, C++, Java, JavaScript, HTML, or any other programming orscripting code, etc. Other software/hardware/network architectures maybe used. For example, the functions of the disclosed embodiments may beimplemented on one computer or shared/distributed among two or morecomputers in or across a network. Communications between computersimplementing embodiments can be accomplished using any electronic,optical, radio frequency signals, or other suitable methods and tools ofcommunication in compliance with known network protocols.

Different programming techniques can be employed such as procedural orobject oriented. Any particular routine can execute on a single computerprocessing device or multiple computer processing devices, a singlecomputer processor or multiple computer processors. Data may be storedin a single storage medium or distributed through multiple storagemediums, and may reside in a single database or multiple databases (orother data storage techniques). Although the steps, operations, orcomputations may be presented in a specific order, this order may bechanged in different embodiments. In some embodiments, to the extentmultiple steps are shown as sequential in this specification, somecombination of such steps in alternative embodiments may be performed atthe same time. The sequence of operations described herein can beinterrupted, suspended, or otherwise controlled by another process, suchas an operating system, kernel, etc. The routines can operate in anoperating system environment or as stand-alone routines. Functions,routines, methods, steps and operations described herein can beperformed in hardware, software, firmware or any combination thereof.

Embodiments described herein can be implemented in the form of controllogic in software or hardware or a combination of both. The controllogic may be stored in an information storage medium, such as acomputer-readable medium, as a plurality of instructions adapted todirect an information processing device to perform a set of stepsdisclosed in the various embodiments. Based on the disclosure andteachings provided herein, a person of ordinary skill in the art willappreciate other ways and/or methods to implement the invention.

It is also within the spirit and scope of the invention to implement insoftware programming or code an of the steps, operations, methods,routines or portions thereof described herein, where such softwareprogramming or code can be stored in a computer-readable medium and canbe operated on by a processor to permit a computer to perform any of thesteps, operations, methods, routines or portions thereof describedherein. The invention may be implemented by using software programmingor code in one or more general purpose digital computers, by usingapplication specific integrated circuits, programmable logic devices,field programmable gate arrays, optical, chemical, biological, quantumor nanoengineered systems, components and mechanisms may be used. Ingeneral, the functions of the invention can be achieved by any means asis known in the art. For example, distributed, or networked systems,components and circuits can be used. In another example, communicationor transfer (or otherwise moving from one place to another) of data maybe wired, wireless, or by any other means.

A “computer-readable medium” may be any medium that can contain, store,communicate, propagate, or transport the program for use by or inconnection with the instruction execution system, apparatus, system ordevice. The computer readable medium can be, by way of example only butnot by limitation, an electronic, magnetic, optical, electromagnetic,infrared, or semiconductor system, apparatus, system, device,propagation medium, or computer memory. Such computer-readable mediumshall generally be machine readable and include software programming orcode that can be human readable (e.g., source code) or machine readable(e.g., object code). Examples of non-transitory computer-readable mediacan include random access memories, read-only memories, hard drives,data cartridges, magnetic tapes, floppy diskettes, flash memory drives,optical data storage devices, compact-disc read-only memories, and otherappropriate computer memories and data storage devices. In anillustrative embodiment, some or all of the software components mayreside on a single server computer or on any combination of separateserver computers. As one skilled in the art can appreciate, a computerprogram product implementing an embodiment disclosed herein may compriseone or more non-transitory computer readable media storing computerinstructions translatable by one or more processors in a computingenvironment.

A “processor” includes any, hardware system, mechanism or component thatprocesses data, signals or other information. A processor can include asystem with a general-purpose central processing unit, multipleprocessing units, dedicated circuitry for achieving functionality, orother systems. Processing need not be limited to a geographic location,or have temporal limitations. For example, a processor can perform itsfunctions in “real-time,” “offline,” in a “batch mode,” etc. Portions ofprocessing can be performed at different times and at differentlocations, by different (or the same) processing systems.

It will also be appreciated that one or more of the elements depicted inthe drawings/figures can also be implemented in a more separated orintegrated manner, or even removed or rendered as inoperable in certaincases, as is useful in accordance with a particular application.Additionally, any signal arrows in the drawings/figures should beconsidered only as exemplary, and not limiting, unless otherwisespecifically noted.

As used herein, the terms “comprises,” “comprising,” “includes,”“including,” “has,” “having,” or any other variation thereof, areintended to cover a non-exclusive inclusion. For example, a process,product, article, or apparatus that comprises a list of elements is notnecessarily limited only those elements but may include other elementsnot expressly listed or inherent to such process, process, article, orapparatus.

Furthermore, the term “or” as used herein is generally intended to mean“and/or” unless otherwise indicated. For example, a condition A or B issatisfied by any one of the following: A is true (or present) and B isfalse (or not present), A is false (or not present) and B is true (orpresent), and both A and B are true (or present). As used herein,including the claims that follow, a term preceded by “a” or “an” (and“the” when antecedent basis is “a” or “an”) includes both singular andplural of such term, unless clearly indicated within the claim otherwise(i.e., that the reference “a” or “an” clearly indicates only thesingular or only the plural). Also, as used in the description hereinand throughout the claims that follow, the meaning of “in” includes “in”and “on” unless the context clearly dictates otherwise. The scope of thepresent disclosure should be determined by the following claims andtheir legal equivalents.

What is claimed is:
 1. A method, comprising: responsive to a searchquery from a user, at query time, evaluating a security level associatedwith the user relative to the search query according to a securitymodel, the evaluating performed by a search system embodied on at leastone server machine, the search query received from a client devicecommunicatively connected to the search system; modifying the searchquery in accordance with the security level associated with the user todefine a scope of search for the search query, the modifying performedby the search system, wherein the search system performs the searchquery that has been modified in accordance with the security levelassociated with the user; after the search query is performed, verifyingwhether the user has authorization to view search results from thesearch query, the verifying performed by the search system; based onauthorization information associated with the user, filtering outdocuments in the search results for which the user is not authorized toaccess, the filtering performed by the search system; and presenting, onthe client device, only documents in the search results for which theuser is authorized to access.
 2. The method according to claim 1,wherein the security model defines an inbound check and an outboundcheck, the inbound check checking user permissions with respect tosearch queries at query time, the outbound check checking user accessrights with respect to search results so as to produce filtered searchresults prior to presentation of the filtered search results on userdevices.
 3. The method according to claim 1, wherein the security levelassociated with the user is obtained by the search system via aprincipals service running on an information integration server andwherein the information integration server integrates information fromdisparate information systems communicatively connected to theinformation integration server.
 4. The method according to claim 1,wherein the authorization information associated with the user isobtained by the search system via an authorization service running on aninformation integration server and wherein the information integrationserver integrates information from disparate information systemscommunicatively connected to the information integration server.
 5. Themethod according to claim 1, wherein the security level associated withthe user and the authorization information associated with the user areobtained by the search system via an information integration server,wherein the information integration server integrates information fromdisparate information systems communicatively connected to theinformation integration server, wherein credentials for the user toaccess the disparate information systems are stored in an encrypteddatabase, and wherein the encrypted database is internal to theinformation integration server.
 6. The method according to claim 1,wherein the security level associated with the user and theauthorization information associated with the user are obtained by thesearch system via an information integration server, wherein theinformation integration server integrates information from disparateinformation systems communicatively connected to the informationintegration server, wherein credentials for the user to access thedisparate information systems are stored in an encrypted database, andwherein the encrypted database is external to the informationintegration server.
 7. The method according to claim 1, wherein thesearch system comprises a unified index that implements the securitymodel and wherein the unified index references information stored indisparate information systems.
 8. A search system, comprising: at leastone processor; at least one non-transitory computer readable medium; andstored instructions translatable by the at least one processor toperform: responsive to a search query from a user, at query time,evaluating a security level associated with the user relative to thesearch query according to a security model, the search query receivedfrom a client device communicatively connected to the search system;modifying the search query in accordance with the security levelassociated with the user to define a scope of search for the searchquery, wherein the search system performs the search query that has beenmodified in accordance with the security level associated with the user;after the search query is performed, verifying whether the user hasauthorization to view search results from the search query; based onauthorization information associated with the user, filtering outdocuments in the search results for which the user is not authorized toaccess; and presenting, on the client device, only documents in thesearch results for which the user is authorized to access.
 9. The searchsystem of claim 8, wherein the security model defines an inbound checkand an outbound check, the inbound check checking user permissions withrespect to search queries at query time, the outbound check checkinguser access rights with respect to search results so as to producefiltered search results prior to presentation of the filtered searchresults on user devices.
 10. The search system of claim 8, wherein thesecurity level associated with the user is obtained via a principalsservice running on an information integration server and wherein theinformation integration server integrates information from disparateinformation systems communicatively connected to the informationintegration server.
 11. The search system of claim 8, wherein theauthorization information associated with the user is obtained via anauthorization service running on an information integration server andwherein the information integration server integrates information fromdisparate information systems communicatively connected to theinformation integration server.
 12. The search system of claim 8,wherein the security level associated with the user and theauthorization information associated with the user are obtained via aninformation integration server, wherein the information integrationserver integrates information from disparate information systemscommunicatively connected to the information integration server, whereincredentials for the user to access the disparate information systems arestored in an encrypted database, and wherein the encrypted database isinternal to the information integration server.
 13. The search system ofclaim 8, wherein the security level associated with the user and theauthorization information associated with the user are obtained via aninformation integration server, wherein the information integrationserver integrates information from disparate information systemscommunicatively connected to the information integration server, whereincredentials for the user to access the disparate information systems arestored in an encrypted database, and wherein the encrypted database isexternal to the information integration server.
 14. The search system ofclaim 8, further comprising a unified index that implements the securitymodel, wherein the unified index references information stored indisparate information systems.
 15. A computer program product comprisingat least one non-transitory computer readable medium storinginstructions translatable by at least one processor of a search systemto perform: responsive to a search query from a user, at query time,evaluating a security level associated with the user relative to thesearch query according to a security model, the search query receivedfrom a client device communicatively connected to the search system;modifying the search query in accordance with the security levelassociated with the user to define a scope of search for the searchquery, wherein the search system performs the search query that has beenmodified in accordance with the security level associated with the user;after the search query is performed, verifying whether the user hasauthorization to view search results from the search query; based onauthorization information associated with the user, filtering outdocuments in the search results for which the user is not authorized toaccess; and presenting, on the client device, only documents in thesearch results for which the user is authorized to access.
 16. Thecomputer program product of claim 15, wherein the security model definesan inbound check and an outbound check, the inbound check checking userpermissions with respect to search queries at query time, the outboundcheck checking user access rights with respect to search results so asto produce filtered search results prior to presentation of the filteredsearch results on user devices.
 17. The computer program product ofclaim 15, wherein the security level associated with the user isobtained via a principals service running on an information integrationserver and wherein the information integration server integratesinformation from disparate information systems communicatively connectedto the information integration server.
 18. The computer program productof claim 15, wherein the authorization information associated with theuser is obtained via an authorization service running on an informationintegration server and wherein the information integration serverintegrates information from disparate information systemscommunicatively connected to the information integration server.
 19. Thecomputer program product of claim 15, wherein the security levelassociated with the user and the authorization information associatedwith the user are obtained via an information integration server,wherein the information integration server integrates information fromdisparate information systems communicatively connected to theinformation integration server, wherein credentials for the user toaccess the disparate information systems are stored in an encrypteddatabase, and wherein the encrypted database is internal to theinformation integration server.
 20. The computer program product ofclaim 15, wherein the security level associated with the user and theauthorization information associated with the user are obtained via aninformation integration server, wherein the information integrationserver integrates information from disparate information systemscommunicatively connected to the information integration server, whereincredentials for the user to access the disparate information systems arestored in an encrypted database, and wherein the encrypted database isexternal to the information integration server.